HP ArcSight Connectors
Comprehensive Event Collection
Organizations collect log data for a variety of uses ranging from security monitoring to IT operations, and from regulatory compliance to fraud detection. Event logs are generated throughout an organization in a large variety of formats.
HP ArcSight Connectors solve the problem of managing log records in hundreds of different formats. While the HP ArcSight SIEM Platform can collect log records in native formats, HP ArcSight Connectors provide normalization to a common format, which greatly improves reporting and analysis. By normalizing all events into one common event taxonomy, HP ArcSight Connectors decouple analysis from vendor selection. This approach has three significant advantages:
• Future Proofing
If a Cisco router is swapped for a Juniper router or if a new SQL database is added to a network that previously only had Oracle, no reporting or rules changes are required and the organization retains continuous visibility into all activity.
• Ease of Analysis
The HP ArcSight common event format eliminates the need for end users to be familiar with hundreds of different log syntaxes across products. As a result, non-technical line of business users can easily conduct analysis on their own, reducing the burden on IT.
• Universal Content Relevance
With the HP ArcSight normalized format, a report that shows “authentication failures” will cover every system automatically, even though one application may refer to authentication failures with a specific event ID while a database refers to the same as an “unsuccessful login.”